<?PHP

//session_start();
//if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
//header ("Location: login.php");
//}
//set the session variable to 1, if the user signs up. That way, they can use the site straight away
//do you want to send the user a confirmation email?
//does the user need to validate an email address, before they can use the site?
//do you want to display a message for the user that a particular username is already taken?
//test to see if the u and p are long enough
//you might also want to test if the users is already logged in. That way, they can't sign up repeatedly without closing down the browser
//other login methods - set a cookie, and read that back for every page
//collect other information: date and time of login, ip address, etc
//don't store passwords without encrypting them

$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;
$used = "";

function quote_smart($value, $handle) {

    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value, $handle) . "'";
    }
    return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    //====================================================================
    //	GET THE CHOSEN U AND P, AND CHECK IT FOR DANGEROUS CHARCTERS
    //====================================================================
    $uname = $_POST['username'];
    $pword = $_POST['password'];
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $email = $_POST['email'];

    $uname = htmlspecialchars($uname);
    $pword = htmlspecialchars($pword);
    $first_name = htmlspecialchars($first_name);
    $last_name = htmlspecialchars($last_name);
    $email = htmlspecialchars($email);

    //====================================================================
    //	CHECK TO SEE IF U AND P ARE OF THE CORRECT LENGTH
    //	A MALICIOUS USER MIGHT TRY TO PASS A STRING THAT IS TOO LONG
    //	if no errors occur, then $errorMessage will be blank
    //====================================================================

    $uLength = strlen($uname);
    $pLength = strlen($pword);

    if ($uLength >= 8 && $uLength <= 20) {
        $errorMessage = "";
    } else {
        $errorMessage = $errorMessage . "Username must be between 8 and 20 characters" . "<BR>";
    }

    if ($pLength >= 8 && $pLength <= 16) {
        $errorMessage = "";
    } else {
        $errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
    }


//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error
    //====================================================================
    //	Write to the database
    //====================================================================
    if ($errorMessage == "") {

        $user_name = "root";
        $pass_word = "haddons";
        $database = "PPI";
        $server = "127.0.0.1";

        $db_handle = mysql_connect($server, $user_name, $pass_word);
        $db_found = mysql_select_db($database, $db_handle);

        if ($db_found) {

            //$uname = quote_smart($uname, $db_handle);
            //print "uname=" . $uname . "<br>";
            //$pword = quote_smart($pword, $db_handle);
            //====================================================================
            //	CHECK THAT THE USERNAME IS NOT TAKEN
            //====================================================================
//print "uname = " . $uname . ".<br>";

            $SQL = "SELECT * FROM users WHERE login_ID = '$uname'";

            $result = mysql_query($SQL);

            if ($result == NULL) {
                $num_rows = 0;
            } else {
                $num_rows = mysql_num_rows($result);
            }

            if ($num_rows > 0) {
                $used = "<span class='error'>Username already taken</span>";
            } else {

                $errorMessage = "adding to user table<br>";
                $SQL = "INSERT INTO users (login_ID, password, first_name, last_name, email) VALUES ('$uname', md5('$pword'), '$first_name', '$last_name', '$email')";

                $iresult = mysql_query($SQL);

                mysql_close($db_handle);

                //=================================================================================
                //	START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
                //	SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
                //=================================================================================
                session_start();
                $_SESSION['login'] = $login_ID;
                header("Location: index.php");
            }
        } else {
            $errorMessage = "Database Not Found";
        }
    }
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title></title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <link rel="stylesheet" href="./css/main.css" type="text/css">
    </head>
    <body>
<?PHP
//include 'i_head.html';
include 'i_register.html';
include 'i_foot.html';
?>


<?PHP print $errorMessage; ?>

